OpenSSL 1.1 support status : what next?

George M. Garner Jr. ggarner_online at gmgsystemsinc.com
Mon Jun 26 09:47:28 AEST 2017


Emmanuel,

The task becomes an "XKCD problem" only because you define the problem 
in terms of support for every conceivable crypto library.  In practice 
there are only a few libraries in common use with SSH (e.g. openssl, 
libressl).  If you define the task in terms of providing an abstraction 
that is able to support these common crypto libraries (with some measure 
of forward compatibility) the task becomes more manageable.  In most 
cases a crypto api function can be defined in terms of an opaque state 
variable, a state type variable, input, input size, output, output size 
and a return value.

Anything would be better than having #ifdef's scattered throughout the 
code.

Regards,

George.
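
The interface shape described in the message above (opaque state, state type, input, input size, output, output size, return value), sketched as an added example that is not part of the original post and is not OpenSSH code. All names are hypothetical, and the backend is a non-cryptographic FNV-1a stand-in that marks where a library's own calls would be wrapped.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* All names are hypothetical; none are OpenSSH, OpenSSL or LibreSSL identifiers. */
enum { ST_DIGEST = 1 };                                  /* state type tag */
enum { CR_OK = 0, CR_BADTYPE = -1, CR_SHORTBUF = -2, CR_STATE = -3 };
/* Every operation: opaque state, state type, input + size, output + size. */
typedef int (*crypto_fn)(void *state, int type, const void *in, size_t inlen,
                         void *out, size_t *outlen);
/* One table per supported library; state_size = bytes of opaque state. */
struct crypto_backend { size_t state_size; crypto_fn init, update, final; };

/* Stand-in backend: FNV-1a checksum, NOT cryptographic. A real backend would
 * wrap its library's digest calls in these three functions and nowhere else. */
static int fnv_init(void *s, int t, const void *in, size_t n, void *out, size_t *on) {
    const uint32_t h = 2166136261u;                      /* FNV offset basis */
    (void)in; (void)n; (void)out; (void)on;
    if (t != ST_DIGEST) return CR_BADTYPE;
    memcpy(s, &h, sizeof h);
    return CR_OK;
}
static int fnv_update(void *s, int t, const void *in, size_t n, void *out, size_t *on) {
    const unsigned char *p = in;
    uint32_t h;
    (void)out; (void)on;
    if (t != ST_DIGEST) return CR_BADTYPE;
    memcpy(&h, s, sizeof h);
    while (n--) h = (h ^ *p++) * 16777619u;              /* FNV prime */
    memcpy(s, &h, sizeof h);
    return CR_OK;
}
static int fnv_final(void *s, int t, const void *in, size_t n, void *out, size_t *on) {
    (void)in; (void)n;
    if (t != ST_DIGEST) return CR_BADTYPE;
    if (*on < sizeof(uint32_t)) { *on = sizeof(uint32_t); return CR_SHORTBUF; }
    memcpy(out, s, *on = sizeof(uint32_t));              /* report bytes written */
    return CR_OK;
}
static const struct crypto_backend backend = { sizeof(uint32_t), fnv_init, fnv_update, fnv_final };

/* Call site: no #ifdef and no library types, only the table and opaque storage. */
int digest_buf(const struct crypto_backend *b, const void *in, size_t n, void *out, size_t *on) {
    unsigned char state[256];                            /* opaque to the caller */
    int r;
    if (b->state_size > sizeof(state)) return CR_STATE;
    if ((r = b->init(state, ST_DIGEST, NULL, 0, NULL, NULL)) != CR_OK) return r;
    if ((r = b->update(state, ST_DIGEST, in, n, NULL, NULL)) != CR_OK) return r;
    return b->final(state, ST_DIGEST, NULL, 0, out, on);
}
```

Supporting a second library under this scheme means adding another `struct crypto_backend` table; the choice between tables is the one place a build-time conditional would remain.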


